I wrote this little How-To on base of the "Barrier Breaker"(r42801) OpenWRT-Version.I use my OpenWRT TP-Link Router behind a fritzbox (router) via WAN.You have to use secure DNS on the First Router(in my case Fritzbox).After you flash the OpenWRT on your Router, you have to set the root-password, you need it for the SSH-connection.

I recommended you to delete all IPv6 Settings.

Go to the Web-Interface of OpenWRT(example 192.168.1.1) with Your BrowserNetwork->Interfaces->LAN->Edit->scroll down to "DHCP Server"->IPv6 Settings->disable allandNetwork->Interfaces->WAN6->Delete

cat >> /etc/openvpn/nVPN.crt << EOF
"the nVPN certificate - see below on how to obtain (do NOT paste just this)"
EOF

To get the nVPN certificate, open up the "nVPN.crt" file (it's in the same directory as the config listed above) in notepad

and copy the contents. Make sure there are line breaks in the cert and that it includes the ----BEGIN---- and ----END---- tags.

6. Now Check if Your Config is right:

openvpn --cd /etc/openvpn --config /etc/openvpn/nvpn.ovpn

If you see "Initialization Sequence Complete" your config is correct! Close this putty-window now and start a new.

Type "ifconfig" an check if You See a "Tun0"-Interface to confirm that the openvpn create successfully the Tunnel-Device:

killall openvpn

7. Firewall-Settings

There are two ways to set the firewall. Option 1 allows outgoing connections only with an active VPN connection.Option 2 allows them even with inactive VPN connection. Follow either option 1 or option 2.

Option 1: All connections on the VPN-Network are limited. To be safe, backup the existing firewall rules with this first command:

Sometimes, for example when your first Router does the provider typical 24h-reconnect, it would drop the VPN-Connection.This script below checks every 2 minutes, if the VPN-connection is still established and incase not it will perform a reconnect to the VPN-connection:

If you want to See the Log connect to your Router via SFTP (example with WinSCP) and browse to /root/scripts/

Then click submit and your connection is properly secured incase of a VPN connection loss, thats it. Incase of any problems with this tutorial, feel free to contact the writer of the tutorial at this email jendy@secure-mail.biz